|
|
|
|
@ -40,6 +40,20 @@ |
|
|
|
|
|
|
|
|
|
<itemizedlist> |
|
|
|
|
|
|
|
|
|
<listitem> |
|
|
|
|
<para> |
|
|
|
|
Fix <filename>contrib/pgcrypto</> to detect and report |
|
|
|
|
too-short <function>crypt()</> salts (Josh Kupershmidt) |
|
|
|
|
</para> |
|
|
|
|
|
|
|
|
|
<para> |
|
|
|
|
Certain invalid salt arguments crashed the server or disclosed a few |
|
|
|
|
bytes of server memory. We have not ruled out the viability of |
|
|
|
|
attacks that arrange for presence of confidential information in the |
|
|
|
|
disclosed bytes, but they seem unlikely. (CVE-2015-5288) |
|
|
|
|
</para> |
|
|
|
|
</listitem> |
|
|
|
|
|
|
|
|
|
<listitem> |
|
|
|
|
<para> |
|
|
|
|
Fix subtransaction cleanup after a portal (cursor) belonging to an |
|
|
|
|
@ -124,6 +138,14 @@ |
|
|
|
|
</para> |
|
|
|
|
</listitem> |
|
|
|
|
|
|
|
|
|
<listitem> |
|
|
|
|
<para> |
|
|
|
|
Guard against hard-to-reach stack overflows involving record types, |
|
|
|
|
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>, |
|
|
|
|
<type>ltxtquery</> and <type>query_int</> (Noah Misch) |
|
|
|
|
</para> |
|
|
|
|
</listitem> |
|
|
|
|
|
|
|
|
|
<listitem> |
|
|
|
|
<para> |
|
|
|
|
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input |
|
|
|
|
|
Tom Lane
10 years ago